Scammers steal millions from FTX, BlockFi claimants

Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds.

Judging by this Reddit thread, many have fallen for the scam and have had their cryptowallet emptied. Web3 security consultant and threat researcher Plumferno says the scammers pilfered millions in just five days.

The latest BlockFi phishing campaign

BlockFi was a digital asset lender that filed for Chapter 11 bankruptcy protection after it lost access to funds in the wake of the bankruptcy of the FTX cryptocurrency exchange and the Silicon Valley Bank shutdown.

In October 2023, BlockFi emerged from Chapter 11 bankruptcy and said it will allow customers to claim their remaining crypto assets in waves, over several months.

This latest phishing campaign impersonates the BlockFi team, and it’s pretty well made: no typos and quality brand impersonation (BlockFi logo).


The phishing email impersonating BlockFi (Source: BlockFi)

The scammy emails come from “” and apparently haven’t been flagged as potentially malicious by spam filters.

Some of the recipients commented that they received an email address they used only for BlockFi. Plumferno says its likely these emails have been grabbed in the January MailerLite database breach.

(In August 2023, attackers managed to steal personal information of BlockFi, FTX and crypto asset lender Genesis bankruptcy claimants from advisory firm Kroll, who manages claims on behalf of those companies.)

Plumferno says that a similar email – but with a different company logo – has been sent to FTX customers/creditors, as well.

What to do (and what not to do)?

BlockFi has also issued a warning on Friday about increasing phishing attempts against its clients.

“As we approach the closing of the initial round of estate withdrawals through the BlockFi App, you should expect an uptick in phishing attempts and spam phone calls,” the company noted.

They advise customers to be extra vigilant of email scams and be wary of non-standard communication attempts (e.g., via phone calls, text messages, or social media).

“We recommend that you always go to our website directly and never click on a link in an email to log in,” they note.

Customers who have fallen for this latest phish and have connected their wallet to the site should revoke access to the smart contract and revoke the app’s access to their wallet immediately.

Don't miss